I've got a Laravel 9 project being used as an API. I'm using the Laravel Spatie Permissions package to perform permission and role checks. I've set up a Laravel policy called UserPolicy, and thus far my policy methods are working fine, apart from when I attempt to authorize my show function.
My API only passes the model's ID, and this is fine, also, I already have my user by this point. I'm checking to see whether the logged in user has the ability to view another user that may not be their-self in the platform here.
The error:
Too few arguments to function App\Policies\UserManagement\UserPolicy::view(), 1 passed in /Users/ryanholton/Sites/lespro-api/vendor/laravel/framework/src/Illuminate/Auth/Access/Gate.php on line 798 and exactly 2 expected
Here's my controller action:
/**
* Display the specified resource.
*
* @param int $id
* @return \Illuminate\Http\Response
*/
public function show($id)
{
$this->authorize('view', User::class);
$user = User::with('roles')->find($id);
if (!$user) {
return response()->json([
'message' => 'User not found or invalid user ID'
], 404);
}
return response()->json([
'user' => $user
], 200);
}
And my policy:
<?php
namespace App\Policies\UserManagement;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class UserPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\Models\User $user
* @return \Illuminate\Auth\Access\Response|bool
*/
public function viewAny(User $user)
{
if ($user->can('user_index')) {
return true;
}
}
/**
* Determine whether the user can view the model.
*
* @param \App\Models\User $user
* @param \App\Models\User $model
* @return \Illuminate\Auth\Access\Response|bool
*/
public function view(User $user, User $model)
{
if ($user->can('user_show')) {
return true;
}
}
/**
* Determine whether the user can create models.
*
* @param \App\Models\User $user
* @return \Illuminate\Auth\Access\Response|bool
*/
public function create(User $user)
{
if ($user->can('user_store')) {
return true;
}
}
/**
* Determine whether the user can update the model.
*
* @param \App\Models\User $user
* @param \App\Models\User $model
* @return \Illuminate\Auth\Access\Response|bool
*/
public function update(User $user, User $model)
{
if ($user->can('user_update')) {
return true;
}
}
/**
* Determine whether the user can delete the model.
*
* @param \App\Models\User $user
* @param \App\Models\User $model
* @return \Illuminate\Auth\Access\Response|bool
*/
public function delete(User $user, User $model)
{
if ($user->can('user_destroy')) {
return true;
}
}
}
CodePudding user response:
for authorize method you have to pass $user instance
$user = User::with('roles')->find($id);
$this->authorize('view',$user);
and in your policy , remove extra user param
public function view(User $user)
{
if ($user->can('user_show')) {
return true;
}
}
CodePudding user response:
The error says that only one parameter was passed, although the existing method expects two.
Perhaps it's not at all obvious to you which method is called - it is the view method of the UserPolicy class.
If we pay attention to it, we will indeed see that the method expects two parameters.
public function view(User $user, User $model)
Try removing the last option - that should help. Your method will looks:
public function view(User $user)